"Last Mile" Barriers to Removing Legacy BIOS


What is the “Last Mile”? 
Last mile: the last step of delivering infrastructure to customers...
Wait... we're still talking about BIOS?

Why? 

There is still a reliance on 16-bit BIOS via the Compatibility Support Module (CSM)

1. People still use software that depends on 16-bit BIOS runtime

2. Power-users “disable UEFI” to bypass secure boot or set up multi-OS boot

UEFI Class 1
• Uses UEFI/PI interfaces
• Runtime exposes only legacy BIOS runtime interfaces

UEFI Class 2
• Uses UEFI/PI interfaces
• Runtime exposes UEFI and legacy BIOS interfaces

UEFI Class 3
• Uses UEFI/PI interfaces
• Runtime exposes only UEFI interfaces

... and there's one “unspoken class”

UEFI Class 3+
• Uses UEFI/PI interfaces
• Runtime exposes only UEFI interfaces
• UEFI Secure Boot ON

Enabling secure boot essentially creates another UEFI Class

Why are BIOS & CSM still a thing?

• One specific tool doesn't work with UEFI, so users turn on the CSM as a fix
  (as we say in Georgia, duct tape is cheaper than welding)

• Some users blame UEFI or Secure Boot whenever something doesn't work
  (if you don't believe me, search for “UEFI” on Twitter)

Issues Relying on 16-bit Legacy

Security Risks
• No standards for secure boot or signed code execution

Complicates Validation
• Requires two validation paths (CSM ON & CSM OFF)

Supporting Modern Technology
• New technologies may not provide backward compatibility

What is the "last mile km" for UEFI?

Retiring legacy code and related processes
• Tools (disk duplication, testing, update)
• Network Boot (PXE) to legacy images

Remove user motivations to stick with BIOS
• Improve experience with UEFI Secure Boot
• Promote enhanced UEFI features (HTTPS Boot, OS Recovery, Signed Capsule, ...)

Advantages using UEFI Class 3

• Smaller code size (ROM & OpROM)
• Smaller validation/support footprint
• Encourage use of new technologies

Industry is moving away from CSM

• Many Intel Architecture platforms are UEFI Class 3/3+ out of the box
• Many platforms with CSM (UEFI Class 2) have it disabled by default (required when UEFI Secure Boot is enabled)
• Now mandated for specific platforms
• See ‘Security requirements’ on "UEFI requirements for Windows editions on SoC platforms" @ microsoft.com

Intel is deprecating legacy support

Intel is removing legacy BIOS support from client & data center platforms by 2020
• Platforms will be strictly UEFI Class 3
• No 16-bit OPROM (VGA, LAN, Storage)

This will break any customer process that depends on “disabling UEFI” (“CSM ON”)

Areas of Focus

• Improve user experience with UEFI Secure Boot (OS install, tools, recovery)
• Eliminate components with no UEFI support
• Remove DOS/BIOS dependencies from manufacturing/maintenance tools
• Educate customers on migrating network boot to UEFI (PXE & HTTPS)

Areas of Focus

• Improve user experience with UEFI Secure Boot (OS install, tools, recovery)

This is the typical consumer scenario, and the most restrictive from a validation standpoint. So...
• Validate your tools with secure boot on
• Customers shouldn't have to disable secure boot or enable CSM to solve common recovery problems

Areas of Focus

• Eliminate components with no UEFI support

It’s a supply chain problem... wait, we’re the supply chain!
• Drivers, peripherals, and utilities work without CSM
• No DOS requirements for pre-OS validation/tools (try UEFI Shell or Python)

Areas of Focus

No DOS requirements for pre-OS validation or maintenance tools (try UEFI Shell or Python)

• Remove DOS/BIOS dependencies from manufacturing/maintenance tools

Can you run manufacturing tests with UEFI Secure Boot enabled (UEFI Class 3+)?
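
An added example, not part of the original slides: a pre-flight check that a maintenance or manufacturing tool running on Linux could use to report whether it was started through legacy boot, UEFI, or UEFI with Secure Boot on (the slides' Class 3+ condition). It assumes Linux efivarfs under /sys/firmware/efi/efivars; the function names and the constructed sysfs tree are illustrative.

```python
import os
import tempfile

# GUID of the EFI global variable namespace (UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def read_efi_byte(efivars_dir, name):
    """First data byte of a global EFI variable, or None if unreadable.
    efivarfs files hold a 4-byte attribute word followed by the data."""
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except OSError:
        return None
    return raw[4] if len(raw) >= 5 else None


def boot_state(sysfs_root="/sys"):
    """Classify how this OS instance was booted. The OS cannot see whether
    a CSM exists in firmware, only which path was used for this boot."""
    efi_dir = os.path.join(sysfs_root, "firmware", "efi")
    if not os.path.isdir(efi_dir):
        return "legacy"              # BIOS or CSM boot
    secure_boot = read_efi_byte(os.path.join(efi_dir, "efivars"), "SecureBoot")
    if secure_boot is None:
        return "uefi-unknown"        # efivarfs not mounted or unreadable
    return "uefi-secure-boot" if secure_boot == 1 else "uefi"


def make_constructed_sysfs(root, secure_boot):
    """Build a constructed sysfs tree for offline runs. secure_boot is
    None (legacy boot, no EFI directory), 0 or 1."""
    if secure_boot is None:
        return root
    efivars = os.path.join(root, "firmware", "efi", "efivars")
    os.makedirs(efivars)
    # Attribute word 0x00000006 (boot-service + runtime access), then data.
    with open(os.path.join(efivars, f"SecureBoot-{EFI_GLOBAL}"), "wb") as f:
        f.write(bytes([6, 0, 0, 0, secure_boot]))
    return root


if __name__ == "__main__":
    for value in (None, 0, 1):
        with tempfile.TemporaryDirectory() as tmp:
            print(value, "->", boot_state(make_constructed_sysfs(tmp, value)))
    print("this machine ->", boot_state())
```

A tool validated for Class 3+ can refuse to start, or log a warning, when `boot_state()` returns anything other than `uefi-secure-boot`.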

Areas of Focus

Promote improved functionality powered by UEFI (i.e. why are HTTPS & OS Recovery awesome?)

Remove our customers' incentives to stick with outdated tools that require DOS & BIOS

• Educate customers on migrating network boot to UEFI (PXE & HTTPS)

Call to Action

• Many UEFI platforms still enable legacy BIOS compatibility using CSM
• CSM exposes security issues and delays 100% migration to UEFI
• Many modern features have no equivalent legacy functionality and require booting in “UEFI mode”
• Intel is planning to deprecate legacy compatibility by 2020, and is working with partners on a smooth industry transition

Thanks for attending the Fall 2017 UEFI Plugfest

For more information on the UEFI Forum and UEFI Specifications, visit http://www.uefi.or